Engineering Network Services - CSU

Engineering Network Services
 

Change File Permissions

Forbidden

You don't have permission to access /file_name.html on this server.


This error is telling you is that the file permissions for the HTML page you are attempting to view are set incorrectly. This is a very common error. Following the instructions below should help you to eliminate this problem with your web site.

If you are attempting to create a web site within your U:\public_html directory you should know that there is a special case concerning permissions with that network location. Because the public_html directory is within your personal directory, the file server will automatically revert any altered files back to the most restrictive permissions.

This is a security measure to make sure that no one but yourself has access to the files within your U:\ drive. But what ends up happening is that your HTML files will no longer have the right permissions to be seen by the Internet and your viewers will see the error message above when accessing your site. So you will need to repeat the instructions below for your U:\public_html files every time you edit or create one.

Every computer file on a Unix platform (where the Engineering web server is located) has permissions that allow the files to be view via the Internet. If the permissions are not set correctly, then an HTML file will not be viewable on the Internet. To change the permissions:

SSH into a Unix computer
  1. You can do this from a Windows computer by following these steps:
    A freeware program called PuTTY is required to connect to the Engineering Network. Contact ENS if you are unsure which version to download.
    1. NOTE: There are 16 Linux stations to choose from (linux1 - linux16.engr.colostate.edu)
    2. Click "Run" from the Start menu.
    3. Type "ssh linux1.engr.colostate.edu" in the dialog box that appears.
    4. Login using your Engineering username and password.
  2. Change to the appropriate directory if you need to. (If you want to modify your entire public_html directory then skip this step.) To do this you use the Unix "cd" command.
  3. To change the permissions of all of the files within that directory, type "chmod -R 755 directoryname" . (Replace "directoryname" with the actual name of the directory.)
    If you wish to only change permissions for one file, type "chmod 755 filename".
  4. Type "exit" to log out of the SSH session when you are done.

Understanding permission values

The Unix command "chmod -R 755 public_html" above changes the permissions of all files within your public_html directory so that they can be viewable via the Internet. The command "chmod" tells the computer you want to change permissions. The "-R" stands for "recursive" which means that the command will affect every single file within the directory you choose. If you didn't use "-R" then the chmod command would only affect the public_html directory alone. The "755" stands for what you want to change the permissions to, more on this below. And the "public_html" is the file or directory you want the command to affect.

So what does the "755" mean? As mentioned above, Unix files and folders are protected on three different categories. These levels are:

  • User
    This effects what the owner of the file or folder can do to it.
  • Group
    This level affects the rights of a group of users. This allows more than one person to read and edit a file. Who is in a particular group is controlled by the computer's administrator.
  • Other
    This sets the permissions for anyone else who is not the owner or part of the group. This is important for HTML files because all Internet browsers are considered to be within this category. Incorrect permissions set for the "other" category is what results in the "Forbidden" error message.

The "755", then, stands for each of these categories. The first digit (in this case, the "7") stands for the user, the second relates to the permissions for the group and the last digit is for the other category. But what do the actual numbers mean?

Within each of the owner, group and other levels, there are three parameters that can be set. These parameters are:

  • Read
    This allows the file to be viewed. This parameter must be set in the "other" category to allow an HTML file to be viewed via the Internet.
  • Write
    A file can only be altered if the write permission is set.
  • Execute
    If the file is a program, this allows it to be run or used. This is an especially important parameter with CGI applications.

Each of these parameters have a number associated with it. The read parameter is "4", the write parameter is "2" and the execute is "1". So to determine what you want the permissions to be for a directory or file, you just add the numbers together. For example, the "other" category in the example above is a "5". This means that the read and the execute parameters are set for the "other" category. This table may help illustrate how this works:

value read write execute
0 - - -
1 - - x
2 - w -
3 - w x
4 r - -
5 r - x
6 r w -
7 r w x

So, using the "755" example above, it would mean that the owner of the directory or file has read, write and execute permissions and the group and other users have only read and execute permissions and will not be able to edit the files.

 
layout image
layout image

This document last modified Wednesday October 19, 2016


Engineering Network Services home page link College of Engineering home page link